CNN, as you’d expect, went ballistic. (There’s an adage in the journalism biz — if it rains today at The Editor’s house, weather will be on the front page tomorrow.) The worm also had a local effect, shutting down computers at KTRK Channel 13, the Houston ABC affiliate.

Here’s the deal. Businesses are often overly cautious about applying software patches, worried that a change in code will wreak havoc with stable systems. They like to wait and test something before applying it across the enterprise.

Windows 2000 is primarily a business operating system. While most desktop and home users have moved to Windows XP, a lot of businesses still cling to Windows 2000 — particularly for their servers.

So being cautious, in this case, is actually throwing caution to the wind. The time between the discovery of an security flaw and malicious code to take advantage of it is constantly shrinking.

Be smart: Patch or die.

Update: CNet, which was uncharacteristically slow to come to this story, now has an update on the spread. Writer Joris Evers talked to TrendMicro, who said it may not be one worm, but many variants:

All of the worms exploit a security hole in the plug-and-play feature in the Windows 2000 operating system. Microsoft offered a fix for the bug as part of its monthly patching cycle last week. The software maker deemed the issue “critical,” its most serious rating.

“It seems like every couple of minutes a new variant comes in. We cannot pinpoint the infections to one variant,” said Joe Hartmann, director of the antivirus research group at Trend Micro. “We are still gathering infection reports. It is coming globally.”

Symptoms of infection include the repeated shutdown and rebooting of a computer, Trend Micro said.

Microsoft is investigating the reports of the worm outbreak, the company said in a statement. It lists “Worm_Rbot.CEQ,” an Rbot variant, as the possible cause of the trouble.

Regardless of the culprit, the bottom line is this: If you didn’t patch, you’re vulnerable. There’s just no excuse.

Update 2.0: Reuters quotes security experts as saying indeed it’s not Zotob causing the problem. [Note: We’ve since overwritten this story on the Chronicle site with a more detailed and up to date Associated Press story.]